Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,904
Maven
5,000+
npm
5,000+
NuGet
967
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,374
Swift
54
Unreviewed advisories
All unreviewed
5,000+

42,530 advisories

Loading
The LiveSmart Video Chat Live Video Chat plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2026-9644 was published May 28, 2026
The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cross-Site Scripting... High Unreviewed
CVE-2026-2374 was published May 28, 2026
Symfony Vulnerable to stored XSS in WebProfiler CodeExtension::fileExcerpt() — Unescaped Non-PHP File Rendering Low
CVE-2026-45072 was published for symfony/symfony (Composer) May 27, 2026
A stored cross-site scripting (XSS) vulnerability in the /admin/config-module.php component of... Moderate Unreviewed
CVE-2026-38931 was published May 27, 2026
Kirby CMS vulnerable to cross-site scripting (XSS) from links in KirbyTags and image blocks in the site frontend High
CVE-2026-45368 was published for getkirby/cms (Composer) May 27, 2026
offset Credited to offset
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2026-49044 was published May 27, 2026
Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed... Moderate Unreviewed
CVE-2026-49102 was published May 27, 2026
Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the build URL, resulting in a... Moderate Unreviewed
CVE-2026-48927 was published May 27, 2026
Agent Zero before version 1.15 contains a stored cross-site scripting vulnerability that allows... Moderate Unreviewed
CVE-2026-47119 was published May 27, 2026
IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0,... Moderate Unreviewed
CVE-2025-3633 was published May 27, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2026-42751 was published May 27, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Moderate Unreviewed
CVE-2026-42750 was published May 27, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2026-42754 was published May 27, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2026-42759 was published May 27, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2026-42762 was published May 27, 2026
The myLinksDump plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2026-2288 was published May 27, 2026
The rexCrawler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin... Moderate Unreviewed
CVE-2026-2280 was published May 27, 2026
The MinhNhut Link Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting... Moderate Unreviewed
CVE-2026-3349 was published May 27, 2026
The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2026-3348 was published May 27, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2026-42728 was published May 27, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2026-42733 was published May 27, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2026-42729 was published May 27, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2026-42738 was published May 27, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2026-42734 was published May 27, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2026-42739 was published May 27, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database